diff --git a/project.clj b/project.clj index fa6467a..b713e62 100644 --- a/project.clj +++ b/project.clj @@ -15,7 +15,7 @@ :dependencies [[org.clojure/clojure "1.5.1"] [org.clojure/tools.reader "1.3.2"] - [com.taoensso/encore "2.122.0"] + [com.taoensso/encore "2.124.0"] [org.iq80.snappy/snappy "0.4"] [org.tukaani/xz "1.8"] [org.lz4/lz4-java "1.7.1"]] @@ -29,7 +29,9 @@ :1.8 {:dependencies [[org.clojure/clojure "1.8.0"]]} :1.9 {:dependencies [[org.clojure/clojure "1.9.0"]]} :1.10 {:dependencies [[org.clojure/clojure "1.10.1"]]} - :test {:jvm-opts ["-Xms1024m" "-Xmx2048m"] + :test {:jvm-opts ["-Xms1024m" "-Xmx2048m" + "-Dtaoensso.nippy.serializable-whitelist-base=base.1, base.2" + "-Dtaoensso.nippy.serializable-whitelist-add=add.1 , add.2"] :dependencies [[org.clojure/test.check "1.1.0"] [org.clojure/data.fressian "1.0.0"] [org.xerial.snappy/snappy-java "1.1.7.6"]]} diff --git a/src/taoensso/nippy.clj b/src/taoensso/nippy.clj index 02d9d66..cf4b2ab 100644 --- a/src/taoensso/nippy.clj +++ b/src/taoensso/nippy.clj @@ -2,6 +2,7 @@ "High-performance serialization library for Clojure" {:author "Peter Taoussanis (@ptaoussanis)"} (:require + [clojure.string :as str] [clojure.java.io :as jio] [taoensso.encore :as enc :refer [cond*]] [taoensso.nippy @@ -24,8 +25,8 @@ LazySeq IRecord ISeq IType])) (if (vector? enc/encore-version) - (enc/assert-min-encore-version [2 121 0]) - (enc/assert-min-encore-version 2.121)) + (enc/assert-min-encore-version [2 124 0]) + (enc/assert-min-encore-version 2.124)) (comment (set! *unchecked-math* :warn-on-boxed) @@ -281,6 +282,11 @@ (def default-serializable-whitelist #{}) +(defn- split-class-names>set [s] (when (string? s) (if (= s "") #{} (set (mapv str/trim (str/split s #"[,:]")))))) +(comment + (split-class-names>set "") + (split-class-names>set "foo, bar:baz")) + (enc/defonce ^:dynamic *serializable-whitelist* "Used when attempting to freeze or thaw an object that: - Does not implement Nippy's Freezable protocol. @@ -303,7 +309,21 @@ Default value for v2.14.2 is: `(constantly true)`. Default value for v2.15.x is: `#{}`. - See also `swap-serializable-whitelist!`. + Value may be overridden with `swap-serializable-whitelist!` or with: + + - `taoensso.nippy.serializable-whitelist-base` JVM property + - `taoensso.nippy.serializable-whitelist-add` JVM property + + - `TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_BASE` env var + - `TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_ADD` env var + + If present, these will be read as comma-separated lists of class + names and formed into sets. Initial whitelist value will then be: + (into (or ) ). + + I.e. you can use: + - The \"base\" property/var to override Nippy's default whitelist. + - The \"add\" property/var to add to Nippy's default whitelist. Strings in sets may contain \"*\" wildcards. @@ -359,7 +379,23 @@ [2] Jackson maintains a list of common gadget classes at https://github.com/FasterXML/jackson-databind/blob/master/src/main/java/com/fasterxml/jackson/databind/jsontype/impl/SubTypeValidator.java" - default-serializable-whitelist) + (let [whitelist-base + (or + (when-let [s (enc/get-sys-val + "taoensso.nippy.serializable-whitelist-base" + "TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_BASE")] + (split-class-names>set s)) + default-serializable-whitelist) + + whitelist-add + (when-let [s (enc/get-sys-val + "taoensso.nippy.serializable-whitelist-add" + "TAOENSSO_NIPPY_SERIALIZABLE_WHITELIST_ADD")] + (split-class-names>set s))] + + (if (and whitelist-base whitelist-add) + (into (enc/have set? whitelist-base) whitelist-add) + (do whitelist-base)))) (comment (.getName (.getSuperclass (.getClass (java.util.concurrent.TimeoutException.))))) diff --git a/test/taoensso/nippy/tests/main.clj b/test/taoensso/nippy/tests/main.clj index 71c6c70..4548939 100644 --- a/test/taoensso/nippy/tests/main.clj +++ b/test/taoensso/nippy/tests/main.clj @@ -280,7 +280,10 @@ (binding [nippy/*serializable-whitelist* #{"java.util.concurrent.*"}] (nippy/thaw (nippy/freeze (java.util.concurrent.Semaphore. 1))))) - "Strings in whitelist sets may contain \"*\" wildcards")) + "Strings in whitelist sets may contain \"*\" wildcards") + + (is (= nippy/*serializable-whitelist* #{"base.1" "base.2" "add.1" "add.2"}) + "JVM properties override initial serializable-whitelist value")) ;;;; Benchmarks